Update example to use crypto key handles APIs

Author: itayzafrir

main.cpp

@@ -58,19 +58,15 @@ int main(void)
 }
 #else
 
-/* Use key slot 1 for our cipher key. Key slot 0 is reserved as unused. */
-static const psa_key_slot_t key_slot_cipher = 1;
-
-static psa_status_t set_key_policy(psa_key_slot_t key_slot,
+static psa_status_t set_key_policy(psa_key_handle_t key_handle,
                                    psa_key_usage_t key_usage,
                                    psa_algorithm_t alg)
 {
     psa_status_t status;
-    psa_key_policy_t policy;
+    psa_key_policy_t policy = psa_key_policy_init();
 
-    psa_key_policy_init(&policy);
     psa_key_policy_set_usage(&policy, key_usage, alg);
-    status = psa_set_key_policy(key_slot, &policy);
+    status = psa_set_key_policy(key_handle, &policy);
     ASSERT_STATUS(status, PSA_SUCCESS);
 exit:
     return status;
@@ -111,7 +107,7 @@ static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
     return status;
 }
 
-static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
+static psa_status_t cipher_encrypt(psa_key_handle_t key_handle,
                                    psa_algorithm_t alg,
                                    uint8_t *iv,
                                    size_t iv_size,
@@ -127,7 +123,7 @@ static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
     size_t iv_len = 0;
 
     memset(&operation, 0, sizeof(operation));
-    status = psa_cipher_encrypt_setup(&operation, key_slot, alg);
+    status = psa_cipher_encrypt_setup(&operation, key_handle, alg);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
     status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
@@ -142,7 +138,7 @@ static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
     return status;
 }
 
-static psa_status_t cipher_decrypt(psa_key_slot_t key_slot,
+static psa_status_t cipher_decrypt(psa_key_handle_t key_handle,
                                    psa_algorithm_t alg,
                                    const uint8_t *iv,
                                    size_t iv_size,
@@ -157,7 +153,7 @@ static psa_status_t cipher_decrypt(psa_key_slot_t key_slot,
     psa_cipher_operation_t operation;
 
     memset(&operation, 0, sizeof(operation));
-    status = psa_cipher_decrypt_setup(&operation, key_slot, alg);
+    status = psa_cipher_decrypt_setup(&operation, key_handle, alg);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
     status = psa_cipher_set_iv(&operation, iv, iv_size);
@@ -187,25 +183,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
     uint8_t input[block_size];
     uint8_t encrypt[block_size];
     uint8_t decrypt[block_size];
+    psa_key_handle_t key_handle = 0;
+
+    status = psa_allocate_key(&key_handle);
+    ASSERT_STATUS(status, PSA_SUCCESS);
 
     status = psa_generate_random(input, sizeof(input));
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = set_key_policy(key_slot_cipher,
+    status = set_key_policy(key_handle,
                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                             alg);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
                               NULL, 0);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
                             input, sizeof(input), part_size,
                             encrypt, sizeof(encrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
                             encrypt, output_len, part_size,
                             decrypt, sizeof(decrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
@@ -214,7 +214,9 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
     ASSERT_STATUS(status, PSA_SUCCESS);
 
 exit:
-    psa_destroy_key(key_slot_cipher);
+    if (key_handle != 0) {
+        psa_destroy_key(key_handle);
+    }
     return status;
 }
 
@@ -233,25 +235,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size],
             encrypt[input_size + block_size], decrypt[input_size + block_size];
+    psa_key_handle_t key_handle = 0;
+
+    status = psa_allocate_key(&key_handle);
+    ASSERT_STATUS(status, PSA_SUCCESS);
 
     status = psa_generate_random(input, sizeof(input));
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = set_key_policy(key_slot_cipher,
+    status = set_key_policy(key_handle,
                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                             alg);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
                               NULL, 0);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
                             input, sizeof(input), part_size,
                             encrypt, sizeof(encrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
                             encrypt, output_len, part_size,
                             decrypt, sizeof(decrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
@@ -260,7 +266,9 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
     ASSERT_STATUS(status, PSA_SUCCESS);
 
 exit:
-    psa_destroy_key(key_slot_cipher);
+    if (key_handle != 0) {
+        psa_destroy_key(key_handle);
+    }
     return status;
 }
 
@@ -278,25 +286,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size], encrypt[input_size],
             decrypt[input_size];
+    psa_key_handle_t key_handle = 0;
+
+    status = psa_allocate_key(&key_handle);
+    ASSERT_STATUS(status, PSA_SUCCESS);
 
     status = psa_generate_random(input, sizeof(input));
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = set_key_policy(key_slot_cipher,
+    status = set_key_policy(key_handle,
                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                             alg);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
                               NULL, 0);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
                             input, sizeof(input), part_size,
                             encrypt, sizeof(encrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
 
-    status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
+    status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
                             encrypt, output_len, part_size,
                             decrypt, sizeof(decrypt), &output_len);
     ASSERT_STATUS(status, PSA_SUCCESS);
@@ -305,7 +317,9 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
     ASSERT_STATUS(status, PSA_SUCCESS);
 
 exit:
-    psa_destroy_key(key_slot_cipher);
+    if (key_handle != 0) {
+        psa_destroy_key(key_handle);
+    }
     return status;
 }